Vulnerability Database

309,587

Total vulnerabilities in the database

CVE-2025-43972

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

Published: Apr 21, 2025
Updated: Nov 24, 2025
CVE: CVE-2025-43972
GHSA: GHSA-mfvv-mgf6-q25r
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

CWEs:

CWE-1284

Affected Software
References

Software	From	Fixed in
github.com/osrg/gobgp	-	-
github.com/osrg/gobgp/v3	-	3.35.0
osrg / gobgp	-	3.35.0

https://github.com/osrg/gobgp/commit/ca7383f450f7b296c5389feceef2467de5ab6e5a
https://github.com/osrg/gobgp/compare/v3.34.0...v3.35.0

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo